What is a Stored Procedure?

Stored Procedures are a batch of SQL statements that can be executed in a couple of ways. Most major DBMs support stored procedures; however, not all do. You will need to verify with your particular DBMS help documentation for specifics. As I am most famillar with SQL Server I will use that as my samples.

A benefit of stored procedures is that you can centralize data access logic into a single place that is then easy for DBA's to optimize. Stored procedures also have a security benefit in that you can grant execute rights to a stored procedure but the user will not need to have read/write permissions on the underlying tables. This is a good first step against SQL Injection.

Stored procedures do come with downsides, basically the maintaince associated with your basic CRUD operation. Let's say for each table you have an Insert, Update, Delete and at least one select based on the Primary key, that means each table will have 4 procedures. Now take a decent size database of 400 tables, and you have 1600 procedures! And that's assuming you don't have duplicates which you probally will.

This is where using an ORM or some other method to auto generate your basic CRUD operations has a ton of merit.